From 55b58518fbf7bf5bcc9e55dadbe114f6b036a81d Mon Sep 17 00:00:00 2001 From: Filip Navara Date: Wed, 19 May 2021 15:52:09 +0200 Subject: [PATCH 01/16] Make DSA.Create, AesCcm, AesGcm, ChaCha20Poly1305 throw PNSE on iOS --- ...em.Security.Cryptography.Algorithms.csproj | 20 ++++++---- .../Cryptography/AesCcm.NotSupported.cs | 38 +++++++++++++++++++ .../Cryptography/AesGcm.NotSupported.cs | 38 +++++++++++++++++++ .../Security/Cryptography/CryptoConfig.cs | 9 ++++- .../Cryptography/DSA.Create.NotSupported.cs | 13 +++++++ .../tests/AesCcmTests.cs | 4 ++ .../tests/AesGcmTests.cs | 4 ++ .../tests/CryptoConfigTests.cs | 9 ++++- 8 files changed, 123 insertions(+), 12 deletions(-) create mode 100644 src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSA.Create.NotSupported.cs diff --git a/src/libraries/System.Security.Cryptography.Algorithms/src/System.Security.Cryptography.Algorithms.csproj b/src/libraries/System.Security.Cryptography.Algorithms/src/System.Security.Cryptography.Algorithms.csproj index 833822b03c7fd..b811c393c7336 100644 --- a/src/libraries/System.Security.Cryptography.Algorithms/src/System.Security.Cryptography.Algorithms.csproj +++ b/src/libraries/System.Security.Cryptography.Algorithms/src/System.Security.Cryptography.Algorithms.csproj @@ -520,8 +520,6 @@ Link="Common\Microsoft\Win32\SafeHandles\SafeCreateHandle.OSX.cs" /> - + - + + + + - - + + + - @@ -676,6 +678,8 @@ Link="Common\Interop\Android\System.Security.Cryptography.Native.Android\Interop.Rsa.cs" /> + diff --git a/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/AesCcm.NotSupported.cs b/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/AesCcm.NotSupported.cs index 170540eec2cee..6cbfe82d10ab7 100644 --- a/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/AesCcm.NotSupported.cs +++ b/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/AesCcm.NotSupported.cs @@ -1,10 +1,48 @@ // Licensed to the .NET Foundation under one or more agreements. // The .NET Foundation licenses this file to you under the MIT license. +using System.Diagnostics; + namespace System.Security.Cryptography { public partial class AesCcm { public static bool IsSupported => false; + +#if !BROWSER // allow GenFacades to handle browser target + private void ImportKey(ReadOnlySpan key) + { + Debug.Fail("Instance ctor should fail before we reach this point."); + throw new NotImplementedException(); + } + + private void EncryptCore( + ReadOnlySpan nonce, + ReadOnlySpan plaintext, + Span ciphertext, + Span tag, + ReadOnlySpan associatedData = default) + { + Debug.Fail("Instance ctor should fail before we reach this point."); + throw new NotImplementedException(); + } + + private void DecryptCore( + ReadOnlySpan nonce, + ReadOnlySpan ciphertext, + ReadOnlySpan tag, + Span plaintext, + ReadOnlySpan associatedData = default) + { + Debug.Fail("Instance ctor should fail before we reach this point."); + throw new NotImplementedException(); + } + + public void Dispose() + { + Debug.Fail("Instance ctor should fail before we reach this point."); + // no-op + } +#endif } } diff --git a/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/AesGcm.NotSupported.cs b/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/AesGcm.NotSupported.cs index efbf1a729b57c..0950177836646 100644 --- a/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/AesGcm.NotSupported.cs +++ b/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/AesGcm.NotSupported.cs @@ -1,10 +1,48 @@ // Licensed to the .NET Foundation under one or more agreements. // The .NET Foundation licenses this file to you under the MIT license. +using System.Diagnostics; + namespace System.Security.Cryptography { public partial class AesGcm { public static bool IsSupported => false; + +#if !BROWSER // allow GenFacades to handle browser target + private void ImportKey(ReadOnlySpan key) + { + Debug.Fail("Instance ctor should fail before we reach this point."); + throw new NotImplementedException(); + } + + private void EncryptCore( + ReadOnlySpan nonce, + ReadOnlySpan plaintext, + Span ciphertext, + Span tag, + ReadOnlySpan associatedData = default) + { + Debug.Fail("Instance ctor should fail before we reach this point."); + throw new NotImplementedException(); + } + + private void DecryptCore( + ReadOnlySpan nonce, + ReadOnlySpan ciphertext, + ReadOnlySpan tag, + Span plaintext, + ReadOnlySpan associatedData = default) + { + Debug.Fail("Instance ctor should fail before we reach this point."); + throw new NotImplementedException(); + } + + public void Dispose() + { + Debug.Fail("Instance ctor should fail before we reach this point."); + // no-op + } +#endif } } diff --git a/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/CryptoConfig.cs b/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/CryptoConfig.cs index 898cf554a8bc3..ff73ce605054d 100644 --- a/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/CryptoConfig.cs +++ b/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/CryptoConfig.cs @@ -185,8 +185,13 @@ private static Dictionary DefaultNameHT ht.Add("System.Security.Cryptography.RSA", RSACryptoServiceProviderType); ht.Add("System.Security.Cryptography.AsymmetricAlgorithm", RSACryptoServiceProviderType); - ht.Add("DSA", DSACryptoServiceProviderType); - ht.Add("System.Security.Cryptography.DSA", DSACryptoServiceProviderType); + if (!OperatingSystem.IsIOS() && + !OperatingSystem.IsTvOS() && + !OperatingSystem.IsMacCatalyst()) + { + ht.Add("DSA", DSACryptoServiceProviderType); + ht.Add("System.Security.Cryptography.DSA", DSACryptoServiceProviderType); + } // Windows will register the public ECDsaCng type. Non-Windows gets a special handler. if (OperatingSystem.IsWindows()) diff --git a/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSA.Create.NotSupported.cs b/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSA.Create.NotSupported.cs new file mode 100644 index 0000000000000..8ebda687277a9 --- /dev/null +++ b/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSA.Create.NotSupported.cs @@ -0,0 +1,13 @@ +// Licensed to the .NET Foundation under one or more agreements. +// The .NET Foundation licenses this file to you under the MIT license. + +namespace System.Security.Cryptography +{ + public partial class DSA : AsymmetricAlgorithm + { + public static new DSA Create() + { + throw new PlatformNotSupportedException(); + } + } +} \ No newline at end of file diff --git a/src/libraries/System.Security.Cryptography.Algorithms/tests/AesCcmTests.cs b/src/libraries/System.Security.Cryptography.Algorithms/tests/AesCcmTests.cs index 7ee3d6c76d72f..a828a19232e70 100644 --- a/src/libraries/System.Security.Cryptography.Algorithms/tests/AesCcmTests.cs +++ b/src/libraries/System.Security.Cryptography.Algorithms/tests/AesCcmTests.cs @@ -707,6 +707,10 @@ public static void CheckIsSupported() { expectedIsSupported = PlatformDetection.OpenSslPresentOnSystem; } + else if (OperatingSystem.IsIOS() || OperatingSystem.IsTvOS() || OperatingSystem.IsMacCatalyst()) + { + expectedIsSupported = false; + } Assert.Equal(expectedIsSupported, AesCcm.IsSupported); } diff --git a/src/libraries/System.Security.Cryptography.Algorithms/tests/AesGcmTests.cs b/src/libraries/System.Security.Cryptography.Algorithms/tests/AesGcmTests.cs index 514c189496f24..f0fc1159379ee 100644 --- a/src/libraries/System.Security.Cryptography.Algorithms/tests/AesGcmTests.cs +++ b/src/libraries/System.Security.Cryptography.Algorithms/tests/AesGcmTests.cs @@ -875,6 +875,10 @@ public static void CheckIsSupported() { expectedIsSupported = PlatformDetection.OpenSslPresentOnSystem; } + else if (OperatingSystem.IsIOS() || OperatingSystem.IsTvOS() || OperatingSystem.IsMacCatalyst()) + { + expectedIsSupported = false; + } Assert.Equal(expectedIsSupported, AesGcm.IsSupported); } diff --git a/src/libraries/System.Security.Cryptography.Algorithms/tests/CryptoConfigTests.cs b/src/libraries/System.Security.Cryptography.Algorithms/tests/CryptoConfigTests.cs index 245f023acb53e..3ae50adcc0a73 100644 --- a/src/libraries/System.Security.Cryptography.Algorithms/tests/CryptoConfigTests.cs +++ b/src/libraries/System.Security.Cryptography.Algorithms/tests/CryptoConfigTests.cs @@ -222,8 +222,13 @@ public static IEnumerable AllValidNames yield return new object[] { "RSA", "System.Security.Cryptography.RSACryptoServiceProvider", true }; yield return new object[] { "System.Security.Cryptography.RSA", "System.Security.Cryptography.RSACryptoServiceProvider", true }; yield return new object[] { "System.Security.Cryptography.AsymmetricAlgorithm", "System.Security.Cryptography.RSACryptoServiceProvider", true }; - yield return new object[] { "DSA", "System.Security.Cryptography.DSACryptoServiceProvider", true }; - yield return new object[] { "System.Security.Cryptography.DSA", "System.Security.Cryptography.DSACryptoServiceProvider", true }; + if (!OperatingSystem.IsIOS() && + !OperatingSystem.IsTvOS() && + !OperatingSystem.IsMacCatalyst()) + { + yield return new object[] { "DSA", "System.Security.Cryptography.DSACryptoServiceProvider", true }; + yield return new object[] { "System.Security.Cryptography.DSA", "System.Security.Cryptography.DSACryptoServiceProvider", true }; + } yield return new object[] { "ECDsa", "System.Security.Cryptography.ECDsaCng", true }; yield return new object[] { "ECDsaCng", "System.Security.Cryptography.ECDsaCng", false }; yield return new object[] { "System.Security.Cryptography.ECDsaCng", null, false }; From 034b4abaa98e76d4045ec75a5b83ff30cedf1063 Mon Sep 17 00:00:00 2001 From: Filip Navara Date: Wed, 19 May 2021 18:26:47 +0200 Subject: [PATCH 02/16] Remove DSASecurityTransforms.iOS.cs --- .../Cryptography/DSASecurityTransforms.iOS.cs | 25 ------------------- 1 file changed, 25 deletions(-) delete mode 100644 src/libraries/Common/src/System/Security/Cryptography/DSASecurityTransforms.iOS.cs diff --git a/src/libraries/Common/src/System/Security/Cryptography/DSASecurityTransforms.iOS.cs b/src/libraries/Common/src/System/Security/Cryptography/DSASecurityTransforms.iOS.cs deleted file mode 100644 index 2773e65dbc74e..0000000000000 --- a/src/libraries/Common/src/System/Security/Cryptography/DSASecurityTransforms.iOS.cs +++ /dev/null @@ -1,25 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. - -using System.Buffers; -using System.Diagnostics; -using System.Formats.Asn1; -using System.IO; -using System.Runtime.InteropServices; -using System.Security.Cryptography.Apple; -using Internal.Cryptography; - -namespace System.Security.Cryptography -{ - internal static partial class DSAImplementation - { - public sealed partial class DSASecurityTransforms : DSA - { - public override DSAParameters ExportParameters(bool includePrivateParameters) - => throw new PlatformNotSupportedException(); - - public override void ImportParameters(DSAParameters parameters) - => throw new PlatformNotSupportedException(); - } - } -} From 8152f88164feee872597c24ddd59969d3ce7db94 Mon Sep 17 00:00:00 2001 From: Filip Navara Date: Wed, 19 May 2021 18:30:03 +0200 Subject: [PATCH 03/16] Re-enable System.Security.Cryptography.Algorithms.Tests on iOS --- src/libraries/tests.proj | 3 --- 1 file changed, 3 deletions(-) diff --git a/src/libraries/tests.proj b/src/libraries/tests.proj index 096343ab2e8d3..45e3a9e6e854d 100644 --- a/src/libraries/tests.proj +++ b/src/libraries/tests.proj @@ -164,9 +164,6 @@ - - - From 2e107741adbd5f15692dce0bdb42711c439f802e Mon Sep 17 00:00:00 2001 From: Filip Navara Date: Thu, 20 May 2021 06:59:21 +0200 Subject: [PATCH 04/16] Fix System.Security.Cryptography.Primitives.Tests CryptoConfig tests --- .../tests/CryptoConfigTests.cs | 23 ++++++++++++++++++- ...urity.Cryptography.Primitives.Tests.csproj | 2 ++ 2 files changed, 24 insertions(+), 1 deletion(-) diff --git a/src/libraries/System.Security.Cryptography.Primitives/tests/CryptoConfigTests.cs b/src/libraries/System.Security.Cryptography.Primitives/tests/CryptoConfigTests.cs index 36bb7f85caffc..205de5e17212c 100644 --- a/src/libraries/System.Security.Cryptography.Primitives/tests/CryptoConfigTests.cs +++ b/src/libraries/System.Security.Cryptography.Primitives/tests/CryptoConfigTests.cs @@ -1,6 +1,7 @@ // Licensed to the .NET Foundation under one or more agreements. // The .NET Foundation licenses this file to you under the MIT license. +using Test.Cryptography; using Xunit; namespace System.Security.Cryptography.CryptoConfigTests @@ -126,9 +127,20 @@ public static void NamedSymmetricAlgorithmCreate(string identifier, Type baseTyp [InlineData("RSA", typeof(RSA))] [InlineData("System.Security.Cryptography.RSA", typeof(RSA))] [InlineData("ECDsa", typeof(ECDsa))] + public static void NamedAsymmetricAlgorithmCreate(string identifier, Type baseType) + { + using (AsymmetricAlgorithm created = AsymmetricAlgorithm.Create(identifier)) + { + Assert.NotNull(created); + Assert.IsAssignableFrom(baseType, created); + } + } + + [Theory] [InlineData("DSA", typeof(DSA))] [InlineData("System.Security.Cryptography.DSA", typeof(DSA))] - public static void NamedAsymmetricAlgorithmCreate(string identifier, Type baseType) + [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + public static void NamedAsymmetricAlgorithmCreate_DSA(string identifier, Type baseType) { using (AsymmetricAlgorithm created = AsymmetricAlgorithm.Create(identifier)) { @@ -137,6 +149,15 @@ public static void NamedAsymmetricAlgorithmCreate(string identifier, Type baseTy } } + [Theory] + [InlineData("DSA")] + [InlineData("System.Security.Cryptography.DSA")] + [PlatformSpecific(PlatformSupport.MobileAppleCrypto)] + public static void NamedAsymmetricAlgorithmCreate_DSA_NotSupported(string identifier) + { + Assert.Null(AsymmetricAlgorithm.Create(identifier)); + } + [Fact] public static void NamedCreate_Mismatch() { diff --git a/src/libraries/System.Security.Cryptography.Primitives/tests/System.Security.Cryptography.Primitives.Tests.csproj b/src/libraries/System.Security.Cryptography.Primitives/tests/System.Security.Cryptography.Primitives.Tests.csproj index ab43c57e984c4..3131378207d2d 100644 --- a/src/libraries/System.Security.Cryptography.Primitives/tests/System.Security.Cryptography.Primitives.Tests.csproj +++ b/src/libraries/System.Security.Cryptography.Primitives/tests/System.Security.Cryptography.Primitives.Tests.csproj @@ -4,6 +4,8 @@ true + From 51368a39fe02bf11f8a913c7228145acb6d36a73 Mon Sep 17 00:00:00 2001 From: Filip Navara Date: Thu, 20 May 2021 07:04:27 +0200 Subject: [PATCH 05/16] Disable DSA tests in System.Security.Cryptography.Csp.Tests --- .../tests/DSACryptoServiceProviderTests.cs | 2 ++ src/libraries/tests.proj | 1 - 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/src/libraries/System.Security.Cryptography.Csp/tests/DSACryptoServiceProviderTests.cs b/src/libraries/System.Security.Cryptography.Csp/tests/DSACryptoServiceProviderTests.cs index a766c5fe36688..8a703c33d1d25 100644 --- a/src/libraries/System.Security.Cryptography.Csp/tests/DSACryptoServiceProviderTests.cs +++ b/src/libraries/System.Security.Cryptography.Csp/tests/DSACryptoServiceProviderTests.cs @@ -2,10 +2,12 @@ // The .NET Foundation licenses this file to you under the MIT license. using System.Security.Cryptography.Dsa.Tests; +using Test.Cryptography; using Xunit; namespace System.Security.Cryptography.Csp.Tests { + [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] public class DSACryptoServiceProviderTests { const int PROV_DSS_DH = 13; diff --git a/src/libraries/tests.proj b/src/libraries/tests.proj index 45e3a9e6e854d..8e71ff3ae754a 100644 --- a/src/libraries/tests.proj +++ b/src/libraries/tests.proj @@ -158,7 +158,6 @@ - From 367ea34adf06aa16e62edc3f7a218ec2a283b746 Mon Sep 17 00:00:00 2001 From: Filip Navara Date: Thu, 20 May 2021 07:51:45 +0200 Subject: [PATCH 06/16] Enable System.Security.Cryptography.Pkcs tests on iOS --- .../tests/TestUtilities/System/PlatformDetection.cs | 1 + .../tests/SignedCms/SignedCmsTests.cs | 12 +++++++++++- .../tests/SignedCms/SignedCmsTests.netcoreapp.cs | 6 +++++- .../tests/SignedCms/SignerInfoTests.cs | 13 ++++++++++++- .../tests/SignedCms/SignerInfoTests.netcoreapp.cs | 8 +++++++- 5 files changed, 36 insertions(+), 4 deletions(-) diff --git a/src/libraries/Common/tests/TestUtilities/System/PlatformDetection.cs b/src/libraries/Common/tests/TestUtilities/System/PlatformDetection.cs index 6c0d4a1978999..ecf16031fe9db 100644 --- a/src/libraries/Common/tests/TestUtilities/System/PlatformDetection.cs +++ b/src/libraries/Common/tests/TestUtilities/System/PlatformDetection.cs @@ -138,6 +138,7 @@ public static bool IsNonZeroLowerBoundArraySupported public static bool IsOpenSslSupported => IsLinux || IsFreeBSD || Isillumos || IsSolaris; public static bool UsesAppleCrypto => IsOSX || IsMacCatalyst || IsiOS || IstvOS; + public static bool UsesMobileAppleCrypto => IsMacCatalyst || IsiOS || IstvOS; // Changed to `true` when linking public static bool IsBuiltWithAggressiveTrimming => false; diff --git a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.cs b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.cs index ce65f7a76e645..c53e966a72d9e 100644 --- a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.cs +++ b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.cs @@ -535,6 +535,7 @@ public static void AddSignerWithNegativeSerial() [Theory] [InlineData(SubjectIdentifierType.IssuerAndSerialNumber, false)] [InlineData(SubjectIdentifierType.IssuerAndSerialNumber, true)] + [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] public static void AddFirstSigner_DSA(SubjectIdentifierType identifierType, bool detached) { ContentInfo contentInfo = new ContentInfo(new byte[] { 9, 8, 7, 6, 5 }); @@ -1036,7 +1037,16 @@ public static void EnsureExtraCertsAdded(bool newDocument) else { cms = new SignedCms(); - cms.Decode(SignedDocuments.OneDsa1024); + + // DSA is not supported on mobile Apple platforms, so use ECDsa signed document instead + if (PlatformDetection.UsesMobileAppleCrypto) + { + cms.Decode(SignedDocuments.SHA256ECDSAWithRsaSha256DigestIdentifier); + } + else + { + cms.Decode(SignedDocuments.OneDsa1024); + } } int preCount = cms.Certificates.Count; diff --git a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.netcoreapp.cs b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.netcoreapp.cs index a24a66d1f3912..9d90fe7905550 100644 --- a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.netcoreapp.cs +++ b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.netcoreapp.cs @@ -70,6 +70,7 @@ public static void SignCmsUsingExplicitRSAKey() } [Fact] + [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] public static void SignCmsUsingExplicitDSAKey() { using (X509Certificate2 cert = Certificates.Dsa1024.TryGetCertificateWithPrivateKey()) @@ -100,6 +101,7 @@ public static void SignCmsUsingExplicitECDsaP521Key() } [Fact] + [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] public static void CounterSignCmsUsingExplicitRSAKeyForFirstSignerAndDSAForCounterSignature() { using (X509Certificate2 cert = Certificates.RSA2048SignatureOnly.TryGetCertificateWithPrivateKey()) @@ -112,6 +114,7 @@ public static void CounterSignCmsUsingExplicitRSAKeyForFirstSignerAndDSAForCount } [Fact] + [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] public static void CounterSignCmsUsingExplicitDSAKeyForFirstSignerAndECDsaForCounterSignature() { using (X509Certificate2 cert = Certificates.Dsa1024.TryGetCertificateWithPrivateKey()) @@ -202,7 +205,7 @@ public static void SignCmsUsingRSACertWithNotMatchingKeyThrows() } [Fact] - [SkipOnPlatform(TestPlatforms.OSX, "Creating DSA keys is not supported on OSX")] + [SkipOnPlatform(PlatformSupport.AppleCrypto, "Creating DSA keys is not supported on OSX")] public static void SignCmsUsingDSACertWithNotMatchingKeyThrows() { byte[] content = { 9, 8, 7, 6, 5 }; @@ -401,6 +404,7 @@ public static void AddSigner_RSA_EphemeralKey() } [Fact] + [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] public static void AddSigner_DSA_EphemeralKey() { using (DSA dsa = DSA.Create()) diff --git a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignerInfoTests.cs b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignerInfoTests.cs index ff67c37e9ec9d..9c558870210a0 100644 --- a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignerInfoTests.cs +++ b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignerInfoTests.cs @@ -444,6 +444,7 @@ public static void RemoveCounterSignature_WithNoMatch() [InlineData(0)] [InlineData(1)] [SkipOnTargetFramework(TargetFrameworkMonikers.NetFramework, "NetFx bug")] + [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] public static void RemoveCounterSignature_EncodedInSingleAttribute(int indexToRemove) { SignedCms cms = new SignedCms(); @@ -698,6 +699,7 @@ public static void AddCounterSignerToUnsortedAttributeSignature() } [Fact] + [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] public static void AddCounterSigner_DSA() { SignedCms cms = new SignedCms(); @@ -1027,7 +1029,16 @@ private static void AddSecondCounterSignature_NoSignature(bool withCertificate, public static void EnsureExtraCertsAdded() { SignedCms cms = new SignedCms(); - cms.Decode(SignedDocuments.OneDsa1024); + + // DSA is not supported on mobile Apple platforms, so use ECDsa signed document instead + if (PlatformDetection.UsesMobileAppleCrypto) + { + cms.Decode(SignedDocuments.SHA256ECDSAWithRsaSha256DigestIdentifier); + } + else + { + cms.Decode(SignedDocuments.OneDsa1024); + } int preCount = cms.Certificates.Count; diff --git a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignerInfoTests.netcoreapp.cs b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignerInfoTests.netcoreapp.cs index 3bdef6bd3decd..cda2262f78205 100644 --- a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignerInfoTests.netcoreapp.cs +++ b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignerInfoTests.netcoreapp.cs @@ -246,7 +246,13 @@ public static void SignerInfo_AddRemoveUnsignedAttributes_JoinCounterSignaturesA cms.ComputeSignature(signer); } - using (X509Certificate2 counterSigner1cert = Certificates.Dsa1024.TryGetCertificateWithPrivateKey()) + // DSA is not supported on mobile Apple platforms, so use ECDsa key instead + X509Certificate2 counterSigner1cert = + PlatformDetection.UsesMobileAppleCrypto ? + Certificates.ECDsaP521Win.TryGetCertificateWithPrivateKey() : + Certificates.Dsa1024.TryGetCertificateWithPrivateKey(); + + using (counterSigner1cert) { CmsSigner counterSigner = new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, counterSigner1cert); counterSigner.IncludeOption = X509IncludeOption.EndCertOnly; From 7848f96a89fdee5c2cdbe0f23038805ddda71f9f Mon Sep 17 00:00:00 2001 From: Filip Navara Date: Thu, 20 May 2021 08:01:13 +0200 Subject: [PATCH 07/16] Enable System.Security.Cryptography.Xml tests on iOS --- .../tests/DSAKeyValueTest.cs | 7 ++----- .../tests/SignedXmlTest.cs | 1 + .../tests/System.Security.Cryptography.Xml.Tests.csproj | 2 ++ src/libraries/tests.proj | 4 ---- 4 files changed, 5 insertions(+), 9 deletions(-) diff --git a/src/libraries/System.Security.Cryptography.Xml/tests/DSAKeyValueTest.cs b/src/libraries/System.Security.Cryptography.Xml/tests/DSAKeyValueTest.cs index a26582120fd2a..14863aff90810 100644 --- a/src/libraries/System.Security.Cryptography.Xml/tests/DSAKeyValueTest.cs +++ b/src/libraries/System.Security.Cryptography.Xml/tests/DSAKeyValueTest.cs @@ -13,11 +13,12 @@ using System.Linq; using System.Runtime.InteropServices; using System.Xml; +using Test.Cryptography; using Xunit; namespace System.Security.Cryptography.Xml.Tests { - + [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] public class DSAKeyValueTest { [Fact] @@ -51,7 +52,6 @@ public void Ctor_Dsa_Null() [Fact] [ActiveIssue("https://github.com/dotnet/runtime/issues/20575", TestPlatforms.OSX)] - [SkipOnPlatform(TestPlatforms.iOS | TestPlatforms.tvOS, "Not supported on iOS or tvOS.")] public void GetXml() { DSAKeyValue dsa = new DSAKeyValue(); @@ -80,7 +80,6 @@ public void GetXml() [Fact] [ActiveIssue("https://github.com/dotnet/runtime/issues/20575", TestPlatforms.OSX)] - [SkipOnPlatform(TestPlatforms.iOS | TestPlatforms.tvOS, "Not supported on iOS or tvOS.")] public void GetXml_SameDsa() { using (DSA dsa = DSA.Create()) @@ -92,7 +91,6 @@ public void GetXml_SameDsa() } [Fact] - [SkipOnPlatform(TestPlatforms.iOS | TestPlatforms.tvOS, "Not supported on iOS or tvOS.")] public void LoadXml() { const string pValue = "oDZlcdJA1Kf6UeNEIZqm4KDqA6zpX7CmEtAGWi9pgnBhWOUDVEfhswfsvTLR5BCbKfE6KoHvt5Hh8D1RcAko//iZkLZ+gds9y/5Oxape8tu3TUi1BnNPWu8ieXjMtdnpyudKFsCymssJked1rBeRePG23HTVwOV1DpopjRkjBEU="; @@ -132,7 +130,6 @@ public void LoadXml_Null() } [Fact] - [SkipOnPlatform(TestPlatforms.iOS | TestPlatforms.tvOS, "Not supported on iOS or tvOS.")] public void ImportDSAKeyValue() { string p = "6zJxhRqpk5yQ7sjFSr6mPepyVwpTAXSmw1oh+5Cn/z1DjFSpW6rC6sTOkE3CMNwWOwIzrpVS3bWep7wo9CaBrOPIIVe+E4sqpPeyM2wr10mQThHEsCQAjnxBhJJindf9amaBhi6sOtVNnyETFWV6yKDptZEm9c3xdl4L7ogEbX8="; diff --git a/src/libraries/System.Security.Cryptography.Xml/tests/SignedXmlTest.cs b/src/libraries/System.Security.Cryptography.Xml/tests/SignedXmlTest.cs index 54caa519ac66b..e616b96296526 100644 --- a/src/libraries/System.Security.Cryptography.Xml/tests/SignedXmlTest.cs +++ b/src/libraries/System.Security.Cryptography.Xml/tests/SignedXmlTest.cs @@ -539,6 +539,7 @@ public void ComputeSignatureNoSigningKey() } [Fact] + [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] public void ComputeSignatureMissingReferencedObject() { XmlDocument doc = new XmlDocument(); diff --git a/src/libraries/System.Security.Cryptography.Xml/tests/System.Security.Cryptography.Xml.Tests.csproj b/src/libraries/System.Security.Cryptography.Xml/tests/System.Security.Cryptography.Xml.Tests.csproj index 61ba24acb4c46..bdd0e35bf9b1b 100644 --- a/src/libraries/System.Security.Cryptography.Xml/tests/System.Security.Cryptography.Xml.Tests.csproj +++ b/src/libraries/System.Security.Cryptography.Xml/tests/System.Security.Cryptography.Xml.Tests.csproj @@ -3,6 +3,8 @@ $(NetCoreAppCurrent);net461 + diff --git a/src/libraries/tests.proj b/src/libraries/tests.proj index 8e71ff3ae754a..f973d6877e44b 100644 --- a/src/libraries/tests.proj +++ b/src/libraries/tests.proj @@ -143,10 +143,6 @@ - - - - From 806376da9e790b9bc2dec94ee07550358a5862ba Mon Sep 17 00:00:00 2001 From: Filip Navara Date: Thu, 20 May 2021 08:10:01 +0200 Subject: [PATCH 08/16] Add UnsupportedOSPlatform attributes --- .../System.Security.Cryptography.Algorithms.cs | 18 ++++++++++++++++++ .../src/System/Security/Cryptography/AesCcm.cs | 3 +++ .../Security/Cryptography/ChaCha20Poly1305.cs | 3 +++ .../Cryptography/DSA.Create.NotSupported.cs | 5 +++++ 4 files changed, 29 insertions(+) diff --git a/src/libraries/System.Security.Cryptography.Algorithms/ref/System.Security.Cryptography.Algorithms.cs b/src/libraries/System.Security.Cryptography.Algorithms/ref/System.Security.Cryptography.Algorithms.cs index f55f635e6b762..c11560bdb7179 100644 --- a/src/libraries/System.Security.Cryptography.Algorithms/ref/System.Security.Cryptography.Algorithms.cs +++ b/src/libraries/System.Security.Cryptography.Algorithms/ref/System.Security.Cryptography.Algorithms.cs @@ -15,6 +15,9 @@ protected Aes() { } public static new System.Security.Cryptography.Aes? Create(string algorithmName) { throw null; } } [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("browser")] + [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("ios")] + [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("tvos")] + [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("maccatalyst")] public sealed partial class AesCcm : System.IDisposable { public AesCcm(byte[] key) { } @@ -29,6 +32,9 @@ public void Encrypt(byte[] nonce, byte[] plaintext, byte[] ciphertext, byte[] ta public void Encrypt(System.ReadOnlySpan nonce, System.ReadOnlySpan plaintext, System.Span ciphertext, System.Span tag, System.ReadOnlySpan associatedData = default(System.ReadOnlySpan)) { } } [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("browser")] + [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("ios")] + [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("tvos")] + [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("maccatalyst")] public sealed partial class AesGcm : System.IDisposable { public AesGcm(byte[] key) { } @@ -101,6 +107,9 @@ protected AsymmetricSignatureFormatter() { } public abstract void SetKey(System.Security.Cryptography.AsymmetricAlgorithm key); } [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("browser")] + [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("ios")] + [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("tvos")] + [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("maccatalyst")] public sealed partial class ChaCha20Poly1305 : System.IDisposable { public ChaCha20Poly1305(byte[] key) { } @@ -154,8 +163,17 @@ protected DES() { } public abstract partial class DSA : System.Security.Cryptography.AsymmetricAlgorithm { protected DSA() { } + [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("ios")] + [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("tvos")] + [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("maccatalyst")] public static new System.Security.Cryptography.DSA Create() { throw null; } + [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("ios")] + [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("tvos")] + [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("maccatalyst")] public static System.Security.Cryptography.DSA Create(int keySizeInBits) { throw null; } + [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("ios")] + [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("tvos")] + [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("maccatalyst")] public static System.Security.Cryptography.DSA Create(System.Security.Cryptography.DSAParameters parameters) { throw null; } [System.Diagnostics.CodeAnalysis.RequiresUnreferencedCodeAttribute("The default algorithm implementations might be removed, use strong type references like 'RSA.Create()' instead.")] public static new System.Security.Cryptography.DSA? Create(string algName) { throw null; } diff --git a/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/AesCcm.cs b/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/AesCcm.cs index 91c73dcfb0be0..50377c3aee3e8 100644 --- a/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/AesCcm.cs +++ b/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/AesCcm.cs @@ -7,6 +7,9 @@ namespace System.Security.Cryptography { [UnsupportedOSPlatform("browser")] + [UnsupportedOSPlatform("ios")] + [UnsupportedOSPlatform("tvos")] + [UnsupportedOSPlatform("maccatalyst")] public sealed partial class AesCcm : IDisposable { public static KeySizes NonceByteSizes { get; } = new KeySizes(7, 13, 1); diff --git a/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/ChaCha20Poly1305.cs b/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/ChaCha20Poly1305.cs index 874133cc39f71..115edee5514a4 100644 --- a/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/ChaCha20Poly1305.cs +++ b/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/ChaCha20Poly1305.cs @@ -7,6 +7,9 @@ namespace System.Security.Cryptography { [UnsupportedOSPlatform("browser")] + [UnsupportedOSPlatform("ios")] + [UnsupportedOSPlatform("tvos")] + [UnsupportedOSPlatform("maccatalyst")] public sealed partial class ChaCha20Poly1305 : IDisposable { // Per https://tools.ietf.org/html/rfc7539, ChaCha20Poly1305 AEAD requires a 256-bit key and 96-bit nonce, diff --git a/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSA.Create.NotSupported.cs b/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSA.Create.NotSupported.cs index 8ebda687277a9..28c8781708959 100644 --- a/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSA.Create.NotSupported.cs +++ b/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSA.Create.NotSupported.cs @@ -1,10 +1,15 @@ // Licensed to the .NET Foundation under one or more agreements. // The .NET Foundation licenses this file to you under the MIT license. +using System.Runtime.Versioning; + namespace System.Security.Cryptography { public partial class DSA : AsymmetricAlgorithm { + [UnsupportedOSPlatform("ios")] + [UnsupportedOSPlatform("tvos")] + [UnsupportedOSPlatform("maccatalyst")] public static new DSA Create() { throw new PlatformNotSupportedException(); From 37fa10dbf47e1bbce6dd7be6513efb2136d63359 Mon Sep 17 00:00:00 2001 From: Filip Navara Date: Thu, 20 May 2021 08:13:35 +0200 Subject: [PATCH 09/16] Annotate DSAKeyValue default constructor with UnsupportedOSPlatform --- .../ref/System.Security.Cryptography.Xml.cs | 3 +++ .../src/System/Security/Cryptography/Xml/DSAKeyValue.cs | 4 ++++ 2 files changed, 7 insertions(+) diff --git a/src/libraries/System.Security.Cryptography.Xml/ref/System.Security.Cryptography.Xml.cs b/src/libraries/System.Security.Cryptography.Xml/ref/System.Security.Cryptography.Xml.cs index b8b7593f96b8c..f0c200066ae43 100644 --- a/src/libraries/System.Security.Cryptography.Xml/ref/System.Security.Cryptography.Xml.cs +++ b/src/libraries/System.Security.Cryptography.Xml/ref/System.Security.Cryptography.Xml.cs @@ -43,6 +43,9 @@ public DataReference(string uri, System.Security.Cryptography.Xml.TransformChain } public partial class DSAKeyValue : System.Security.Cryptography.Xml.KeyInfoClause { + [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("ios")] + [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("tvos")] + [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("maccatalyst")] public DSAKeyValue() { } public DSAKeyValue(System.Security.Cryptography.DSA key) { } public System.Security.Cryptography.DSA Key { get { throw null; } set { } } diff --git a/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/DSAKeyValue.cs b/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/DSAKeyValue.cs index e1c4d4a7c3cbe..e491e065ccfce 100644 --- a/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/DSAKeyValue.cs +++ b/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/DSAKeyValue.cs @@ -1,6 +1,7 @@ // Licensed to the .NET Foundation under one or more agreements. // The .NET Foundation licenses this file to you under the MIT license. +using System.Runtime.Versioning; using System.Xml; #pragma warning disable CA5384 // Do Not Use Digital Signature Algorithm (DSA) @@ -15,6 +16,9 @@ public class DSAKeyValue : KeyInfoClause // public constructors // + [UnsupportedOSPlatform("ios")] + [UnsupportedOSPlatform("tvos")] + [UnsupportedOSPlatform("maccatalyst")] public DSAKeyValue() { _key = DSA.Create(); From 39eea6593275dd2de6b011580a99331d131edd6c Mon Sep 17 00:00:00 2001 From: Filip Navara Date: Thu, 20 May 2021 08:18:11 +0200 Subject: [PATCH 10/16] Simplify platform checks --- .../tests/TestUtilities/System/PlatformDetection.Unix.cs | 2 +- .../tests/AesCcmTests.cs | 2 +- .../tests/AesGcmTests.cs | 2 +- .../tests/CryptoConfigTests.cs | 4 +--- 4 files changed, 4 insertions(+), 6 deletions(-) diff --git a/src/libraries/Common/tests/TestUtilities/System/PlatformDetection.Unix.cs b/src/libraries/Common/tests/TestUtilities/System/PlatformDetection.Unix.cs index b162a25ba11c3..096616937019e 100644 --- a/src/libraries/Common/tests/TestUtilities/System/PlatformDetection.Unix.cs +++ b/src/libraries/Common/tests/TestUtilities/System/PlatformDetection.Unix.cs @@ -105,7 +105,7 @@ public static bool OpenSslPresentOnSystem { get { - if (IsAndroid || IsiOS || IstvOS || IsMacCatalyst || IsBrowser) + if (IsAndroid || UsesMobileAppleCrypto || IsBrowser) { return false; } diff --git a/src/libraries/System.Security.Cryptography.Algorithms/tests/AesCcmTests.cs b/src/libraries/System.Security.Cryptography.Algorithms/tests/AesCcmTests.cs index a828a19232e70..eeb1f7edac2dc 100644 --- a/src/libraries/System.Security.Cryptography.Algorithms/tests/AesCcmTests.cs +++ b/src/libraries/System.Security.Cryptography.Algorithms/tests/AesCcmTests.cs @@ -707,7 +707,7 @@ public static void CheckIsSupported() { expectedIsSupported = PlatformDetection.OpenSslPresentOnSystem; } - else if (OperatingSystem.IsIOS() || OperatingSystem.IsTvOS() || OperatingSystem.IsMacCatalyst()) + else if (PlatformDetection.UsesMobileAppleCrypto) { expectedIsSupported = false; } diff --git a/src/libraries/System.Security.Cryptography.Algorithms/tests/AesGcmTests.cs b/src/libraries/System.Security.Cryptography.Algorithms/tests/AesGcmTests.cs index f0fc1159379ee..0322e37aac23c 100644 --- a/src/libraries/System.Security.Cryptography.Algorithms/tests/AesGcmTests.cs +++ b/src/libraries/System.Security.Cryptography.Algorithms/tests/AesGcmTests.cs @@ -875,7 +875,7 @@ public static void CheckIsSupported() { expectedIsSupported = PlatformDetection.OpenSslPresentOnSystem; } - else if (OperatingSystem.IsIOS() || OperatingSystem.IsTvOS() || OperatingSystem.IsMacCatalyst()) + else if (PlatformDetection.UsesMobileAppleCrypto) { expectedIsSupported = false; } diff --git a/src/libraries/System.Security.Cryptography.Algorithms/tests/CryptoConfigTests.cs b/src/libraries/System.Security.Cryptography.Algorithms/tests/CryptoConfigTests.cs index 3ae50adcc0a73..067a50a10015d 100644 --- a/src/libraries/System.Security.Cryptography.Algorithms/tests/CryptoConfigTests.cs +++ b/src/libraries/System.Security.Cryptography.Algorithms/tests/CryptoConfigTests.cs @@ -222,9 +222,7 @@ public static IEnumerable AllValidNames yield return new object[] { "RSA", "System.Security.Cryptography.RSACryptoServiceProvider", true }; yield return new object[] { "System.Security.Cryptography.RSA", "System.Security.Cryptography.RSACryptoServiceProvider", true }; yield return new object[] { "System.Security.Cryptography.AsymmetricAlgorithm", "System.Security.Cryptography.RSACryptoServiceProvider", true }; - if (!OperatingSystem.IsIOS() && - !OperatingSystem.IsTvOS() && - !OperatingSystem.IsMacCatalyst()) + if (!PlatformDetection.UsesMobileAppleCrypto) { yield return new object[] { "DSA", "System.Security.Cryptography.DSACryptoServiceProvider", true }; yield return new object[] { "System.Security.Cryptography.DSA", "System.Security.Cryptography.DSACryptoServiceProvider", true }; From 0cfc56e21f8e5b0c8ed69e29618e948988b6b2a6 Mon Sep 17 00:00:00 2001 From: Filip Navara Date: Thu, 20 May 2021 08:19:46 +0200 Subject: [PATCH 11/16] Add more UnsupportedOSPlatform attributes to DSA.Create --- .../src/System/Security/Cryptography/DSA.cs | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSA.cs b/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSA.cs index e5d90e5d6eadb..f99d76d89930c 100644 --- a/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSA.cs +++ b/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSA.cs @@ -35,6 +35,9 @@ protected DSA() { } return (DSA?)CryptoConfig.CreateFromName(algName); } + [UnsupportedOSPlatform("ios")] + [UnsupportedOSPlatform("tvos")] + [UnsupportedOSPlatform("maccatalyst")] public static DSA Create(int keySizeInBits) { DSA dsa = Create(); @@ -51,6 +54,9 @@ public static DSA Create(int keySizeInBits) } } + [UnsupportedOSPlatform("ios")] + [UnsupportedOSPlatform("tvos")] + [UnsupportedOSPlatform("maccatalyst")] public static DSA Create(DSAParameters parameters) { DSA dsa = Create(); From 4cb6326bf03099a5b1b3cf30c2d67873446ddc2e Mon Sep 17 00:00:00 2001 From: Filip Navara Date: Thu, 20 May 2021 09:02:52 +0200 Subject: [PATCH 12/16] Fix ApiCompat --- .../Common/src/System/Security/Cryptography/DSAOpenSsl.cs | 2 +- .../System/Security/Cryptography/DSASecurityTransforms.cs | 3 +-- .../src/System/Security/Cryptography/AesGcm.cs | 3 +++ .../System/Security/Cryptography/DSA.Create.Android.cs | 2 +- .../Security/Cryptography/DSA.Create.NotSupported.cs | 5 +---- .../src/System/Security/Cryptography/DSA.cs | 8 ++++++++ .../src/System/Security/Cryptography/DSACng.cs | 2 +- 7 files changed, 16 insertions(+), 9 deletions(-) diff --git a/src/libraries/Common/src/System/Security/Cryptography/DSAOpenSsl.cs b/src/libraries/Common/src/System/Security/Cryptography/DSAOpenSsl.cs index 6993d59a33f73..7c75208f8a2ea 100644 --- a/src/libraries/Common/src/System/Security/Cryptography/DSAOpenSsl.cs +++ b/src/libraries/Common/src/System/Security/Cryptography/DSAOpenSsl.cs @@ -11,7 +11,7 @@ namespace System.Security.Cryptography #if INTERNAL_ASYMMETRIC_IMPLEMENTATIONS public partial class DSA : AsymmetricAlgorithm { - public static new DSA Create() + private static DSA CreateCore() { return new DSAImplementation.DSAOpenSsl(); } diff --git a/src/libraries/Common/src/System/Security/Cryptography/DSASecurityTransforms.cs b/src/libraries/Common/src/System/Security/Cryptography/DSASecurityTransforms.cs index d991928f7779d..8b7e0dbb4ec71 100644 --- a/src/libraries/Common/src/System/Security/Cryptography/DSASecurityTransforms.cs +++ b/src/libraries/Common/src/System/Security/Cryptography/DSASecurityTransforms.cs @@ -12,10 +12,9 @@ namespace System.Security.Cryptography { #if INTERNAL_ASYMMETRIC_IMPLEMENTATIONS - public partial class DSA : AsymmetricAlgorithm { - public static new DSA Create() + private static DSA CreateCore() { return new DSAImplementation.DSASecurityTransforms(); } diff --git a/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/AesGcm.cs b/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/AesGcm.cs index 78b0ce86db240..89c98f7866d08 100644 --- a/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/AesGcm.cs +++ b/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/AesGcm.cs @@ -7,6 +7,9 @@ namespace System.Security.Cryptography { [UnsupportedOSPlatform("browser")] + [UnsupportedOSPlatform("ios")] + [UnsupportedOSPlatform("tvos")] + [UnsupportedOSPlatform("maccatalyst")] public sealed partial class AesGcm : IDisposable { private const int NonceSize = 12; diff --git a/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSA.Create.Android.cs b/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSA.Create.Android.cs index 446a3e56f72bf..7dff1107e8dc8 100644 --- a/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSA.Create.Android.cs +++ b/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSA.Create.Android.cs @@ -5,7 +5,7 @@ namespace System.Security.Cryptography { public partial class DSA : AsymmetricAlgorithm { - public static new DSA Create() + private static DSA CreateCore() { return new DSAImplementation.DSAAndroid(); } diff --git a/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSA.Create.NotSupported.cs b/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSA.Create.NotSupported.cs index 28c8781708959..c9421b066260a 100644 --- a/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSA.Create.NotSupported.cs +++ b/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSA.Create.NotSupported.cs @@ -7,10 +7,7 @@ namespace System.Security.Cryptography { public partial class DSA : AsymmetricAlgorithm { - [UnsupportedOSPlatform("ios")] - [UnsupportedOSPlatform("tvos")] - [UnsupportedOSPlatform("maccatalyst")] - public static new DSA Create() + private static DSA CreateCore() { throw new PlatformNotSupportedException(); } diff --git a/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSA.cs b/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSA.cs index f99d76d89930c..89f2bf01310a5 100644 --- a/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSA.cs +++ b/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSA.cs @@ -35,6 +35,14 @@ protected DSA() { } return (DSA?)CryptoConfig.CreateFromName(algName); } + [UnsupportedOSPlatform("ios")] + [UnsupportedOSPlatform("tvos")] + [UnsupportedOSPlatform("maccatalyst")] + public static new DSA Create() + { + return CreateCore(); + } + [UnsupportedOSPlatform("ios")] [UnsupportedOSPlatform("tvos")] [UnsupportedOSPlatform("maccatalyst")] diff --git a/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSACng.cs b/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSACng.cs index 9cdf2b83cab31..8ede9bb6dcf5c 100644 --- a/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSACng.cs +++ b/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSACng.cs @@ -8,7 +8,7 @@ namespace System.Security.Cryptography { public partial class DSA : AsymmetricAlgorithm { - public static new DSA Create() + private static DSA CreateCore() { return new DSAImplementation.DSACng(); } From 6c61e1d6f220fdbbc97de5041d2eafca3f7cd7d5 Mon Sep 17 00:00:00 2001 From: Filip Navara Date: Thu, 20 May 2021 09:04:28 +0200 Subject: [PATCH 13/16] Might as well use DSA.CreateCore in the other two DSA.Create methods --- .../src/System/Security/Cryptography/DSA.cs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSA.cs b/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSA.cs index 89f2bf01310a5..2e06904214f42 100644 --- a/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSA.cs +++ b/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSA.cs @@ -48,7 +48,7 @@ protected DSA() { } [UnsupportedOSPlatform("maccatalyst")] public static DSA Create(int keySizeInBits) { - DSA dsa = Create(); + DSA dsa = CreateCore(); try { @@ -67,7 +67,7 @@ public static DSA Create(int keySizeInBits) [UnsupportedOSPlatform("maccatalyst")] public static DSA Create(DSAParameters parameters) { - DSA dsa = Create(); + DSA dsa = CreateCore(); try { From d9a8cc8d1091d4b3f8e03ffe91083d6bbc44ab31 Mon Sep 17 00:00:00 2001 From: Filip Navara Date: Thu, 20 May 2021 10:58:06 +0200 Subject: [PATCH 14/16] More ApiCompat fixes --- .../src/Internal/Cryptography/Helpers.cs | 10 ++++++++++ .../Cryptography/Pal/AnyOS/ManagedPal.cs | 2 +- .../Cryptography/Pkcs/CmsSignature.DSA.cs | 20 +++++++++++++------ ....Security.Cryptography.X509Certificates.cs | 3 +++ .../DSACertificateExtensions.cs | 4 ++++ .../X509Certificates/X509Certificate2.cs | 4 ++-- .../ApiCompatBaseline.PreviousNetCoreApp.txt | 6 +++++- 7 files changed, 39 insertions(+), 10 deletions(-) diff --git a/src/libraries/Common/src/Internal/Cryptography/Helpers.cs b/src/libraries/Common/src/Internal/Cryptography/Helpers.cs index 2440690cd6e19..c2998444ea105 100644 --- a/src/libraries/Common/src/Internal/Cryptography/Helpers.cs +++ b/src/libraries/Common/src/Internal/Cryptography/Helpers.cs @@ -4,11 +4,21 @@ using System; using System.Diagnostics.CodeAnalysis; using System.Security.Cryptography; +using System.Runtime.Versioning; namespace Internal.Cryptography { internal static partial class Helpers { +#if NET5_0_OR_GREATER + [UnsupportedOSPlatformGuard("ios")] + [UnsupportedOSPlatformGuard("tvos")] + [UnsupportedOSPlatformGuard("maccatalyst")] + public static bool IsDSASupported => !OperatingSystem.IsIOS() && !OperatingSystem.IsTvOS() && !OperatingSystem.IsMacCatalyst(); +#else + public static bool IsDSASupported => true; +#endif + [return: NotNullIfNotNull("src")] public static byte[]? CloneByteArray(this byte[]? src) { diff --git a/src/libraries/System.Security.Cryptography.Pkcs/src/Internal/Cryptography/Pal/AnyOS/ManagedPal.cs b/src/libraries/System.Security.Cryptography.Pkcs/src/Internal/Cryptography/Pal/AnyOS/ManagedPal.cs index 94e8c460e4ce5..1a23c5d0be81e 100644 --- a/src/libraries/System.Security.Cryptography.Pkcs/src/Internal/Cryptography/Pal/AnyOS/ManagedPal.cs +++ b/src/libraries/System.Security.Cryptography.Pkcs/src/Internal/Cryptography/Pal/AnyOS/ManagedPal.cs @@ -84,7 +84,7 @@ public override byte[] GetSubjectKeyIdentifier(X509Certificate2 certificate) if (typeof(T) == typeof(ECDsa)) return (T?)(object?)certificate.GetECDsaPrivateKey(); #if NETCOREAPP || NETSTANDARD2_1 - if (typeof(T) == typeof(DSA)) + if (typeof(T) == typeof(DSA) && Internal.Cryptography.Helpers.IsDSASupported) return (T?)(object?)certificate.GetDSAPrivateKey(); #endif diff --git a/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/CmsSignature.DSA.cs b/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/CmsSignature.DSA.cs index c2c51f6dc3ef8..d6d6c5b4bafab 100644 --- a/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/CmsSignature.DSA.cs +++ b/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/CmsSignature.DSA.cs @@ -2,10 +2,11 @@ // The .NET Foundation licenses this file to you under the MIT license. using System.Buffers; +using System.Diagnostics; +using System.Diagnostics.CodeAnalysis; using System.Collections.Generic; using System.Security.Cryptography.X509Certificates; using Internal.Cryptography; -using System.Diagnostics.CodeAnalysis; namespace System.Security.Cryptography.Pkcs { @@ -13,11 +14,14 @@ internal partial class CmsSignature { static partial void PrepareRegistrationDsa(Dictionary lookup) { - lookup.Add(Oids.DsaWithSha1, new DSACmsSignature(Oids.DsaWithSha1, HashAlgorithmName.SHA1)); - lookup.Add(Oids.DsaWithSha256, new DSACmsSignature(Oids.DsaWithSha256, HashAlgorithmName.SHA256)); - lookup.Add(Oids.DsaWithSha384, new DSACmsSignature(Oids.DsaWithSha384, HashAlgorithmName.SHA384)); - lookup.Add(Oids.DsaWithSha512, new DSACmsSignature(Oids.DsaWithSha512, HashAlgorithmName.SHA512)); - lookup.Add(Oids.Dsa, new DSACmsSignature(null, default)); + if (Helpers.IsDSASupported) + { + lookup.Add(Oids.DsaWithSha1, new DSACmsSignature(Oids.DsaWithSha1, HashAlgorithmName.SHA1)); + lookup.Add(Oids.DsaWithSha256, new DSACmsSignature(Oids.DsaWithSha256, HashAlgorithmName.SHA256)); + lookup.Add(Oids.DsaWithSha384, new DSACmsSignature(Oids.DsaWithSha384, HashAlgorithmName.SHA384)); + lookup.Add(Oids.DsaWithSha512, new DSACmsSignature(Oids.DsaWithSha512, HashAlgorithmName.SHA512)); + lookup.Add(Oids.Dsa, new DSACmsSignature(null, default)); + } } private sealed class DSACmsSignature : CmsSignature @@ -58,6 +62,8 @@ internal override bool VerifySignature( _signatureAlgorithm)); } + Debug.Assert(Helpers.IsDSASupported); + DSA? dsa = certificate.GetDSAPublicKey(); if (dsa == null) @@ -105,6 +111,8 @@ protected override bool Sign( [NotNullWhen(true)] out string? signatureAlgorithm, [NotNullWhen(true)] out byte[]? signatureValue) { + Debug.Assert(Helpers.IsDSASupported); + // If there's no private key, fall back to the public key for a "no private key" exception. DSA? dsa = key as DSA ?? PkcsPal.Instance.GetPrivateKeyForSigning(certificate, silent) ?? diff --git a/src/libraries/System.Security.Cryptography.X509Certificates/ref/System.Security.Cryptography.X509Certificates.cs b/src/libraries/System.Security.Cryptography.X509Certificates/ref/System.Security.Cryptography.X509Certificates.cs index 992d44d0824b9..4b7bdf649bd79 100644 --- a/src/libraries/System.Security.Cryptography.X509Certificates/ref/System.Security.Cryptography.X509Certificates.cs +++ b/src/libraries/System.Security.Cryptography.X509Certificates/ref/System.Security.Cryptography.X509Certificates.cs @@ -34,6 +34,9 @@ public CertificateRequest(string subjectName, System.Security.Cryptography.RSA k public byte[] CreateSigningRequest() { throw null; } public byte[] CreateSigningRequest(System.Security.Cryptography.X509Certificates.X509SignatureGenerator signatureGenerator) { throw null; } } + [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("ios")] + [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("tvos")] + [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("maccatalyst")] public static partial class DSACertificateExtensions { public static System.Security.Cryptography.X509Certificates.X509Certificate2 CopyWithPrivateKey(this System.Security.Cryptography.X509Certificates.X509Certificate2 certificate, System.Security.Cryptography.DSA privateKey) { throw null; } diff --git a/src/libraries/System.Security.Cryptography.X509Certificates/src/System/Security/Cryptography/X509Certificates/DSACertificateExtensions.cs b/src/libraries/System.Security.Cryptography.X509Certificates/src/System/Security/Cryptography/X509Certificates/DSACertificateExtensions.cs index 42744defa1cda..7d54eaa38b13f 100644 --- a/src/libraries/System.Security.Cryptography.X509Certificates/src/System/Security/Cryptography/X509Certificates/DSACertificateExtensions.cs +++ b/src/libraries/System.Security.Cryptography.X509Certificates/src/System/Security/Cryptography/X509Certificates/DSACertificateExtensions.cs @@ -3,6 +3,7 @@ using Internal.Cryptography; using Internal.Cryptography.Pal; +using System.Runtime.Versioning; namespace System.Security.Cryptography.X509Certificates { @@ -10,6 +11,9 @@ namespace System.Security.Cryptography.X509Certificates /// Provides extension methods for retrieving implementations for the /// public and private keys of a . /// + [UnsupportedOSPlatform("ios")] + [UnsupportedOSPlatform("tvos")] + [UnsupportedOSPlatform("maccatalyst")] public static class DSACertificateExtensions { /// diff --git a/src/libraries/System.Security.Cryptography.X509Certificates/src/System/Security/Cryptography/X509Certificates/X509Certificate2.cs b/src/libraries/System.Security.Cryptography.X509Certificates/src/System/Security/Cryptography/X509Certificates/X509Certificate2.cs index b16df4a367f99..76022ec91b6ab 100644 --- a/src/libraries/System.Security.Cryptography.X509Certificates/src/System/Security/Cryptography/X509Certificates/X509Certificate2.cs +++ b/src/libraries/System.Security.Cryptography.X509Certificates/src/System/Security/Cryptography/X509Certificates/X509Certificate2.cs @@ -943,7 +943,7 @@ public static X509Certificate2 CreateFromPem(ReadOnlySpan certPem, ReadOnl return keyAlgorithm switch { Oids.Rsa => ExtractKeyFromPem(keyPem, s_RsaPublicKeyPrivateKeyLabels, RSA.Create, certificate.CopyWithPrivateKey), - Oids.Dsa => ExtractKeyFromPem(keyPem, s_DsaPublicKeyPrivateKeyLabels, DSA.Create, certificate.CopyWithPrivateKey), + Oids.Dsa when Helpers.IsDSASupported => ExtractKeyFromPem(keyPem, s_DsaPublicKeyPrivateKeyLabels, DSA.Create, certificate.CopyWithPrivateKey), Oids.EcPublicKey when IsECDsa(certificate) => ExtractKeyFromPem( keyPem, @@ -1013,7 +1013,7 @@ public static X509Certificate2 CreateFromEncryptedPem(ReadOnlySpan certPem return keyAlgorithm switch { Oids.Rsa => ExtractKeyFromEncryptedPem(keyPem, password, RSA.Create, certificate.CopyWithPrivateKey), - Oids.Dsa => ExtractKeyFromEncryptedPem(keyPem, password, DSA.Create, certificate.CopyWithPrivateKey), + Oids.Dsa when Helpers.IsDSASupported => ExtractKeyFromEncryptedPem(keyPem, password, DSA.Create, certificate.CopyWithPrivateKey), Oids.EcPublicKey when IsECDsa(certificate) => ExtractKeyFromEncryptedPem( keyPem, diff --git a/src/libraries/shims/ApiCompatBaseline.PreviousNetCoreApp.txt b/src/libraries/shims/ApiCompatBaseline.PreviousNetCoreApp.txt index 2d6940197b4f6..ae74975ddda7b 100644 --- a/src/libraries/shims/ApiCompatBaseline.PreviousNetCoreApp.txt +++ b/src/libraries/shims/ApiCompatBaseline.PreviousNetCoreApp.txt @@ -171,4 +171,8 @@ Compat issues with assembly System.Security.Cryptography.Algorithms: CannotRemoveAttribute : Attribute 'System.Runtime.Versioning.UnsupportedOSPlatformAttribute' exists on 'System.Security.Cryptography.CryptoConfig' in the contract but not the implementation. Compat issues with assembly System.Threading.Tasks.Extensions: CannotChangeAttribute : Attribute 'System.AttributeUsageAttribute' on 'System.Runtime.CompilerServices.AsyncMethodBuilderAttribute' changed from '[AttributeUsageAttribute(AttributeTargets.Class | AttributeTargets.Delegate | AttributeTargets.Enum | AttributeTargets.Interface | AttributeTargets.Struct, Inherited=false, AllowMultiple=false)]' in the contract to '[AttributeUsageAttribute(AttributeTargets.Class | AttributeTargets.Delegate | AttributeTargets.Enum | AttributeTargets.Interface | AttributeTargets.Method | AttributeTargets.Struct, Inherited=false, AllowMultiple=false)]' in the implementation. -Total Issues: 158 +CannotChangeAttribute : Attribute 'System.Runtime.Versioning.UnsupportedOSPlatformAttribute' on 'System.Security.Cryptography.AesCcm' changed from '[UnsupportedOSPlatformAttribute("browser")]' in the contract to '[UnsupportedOSPlatformAttribute("browser")]' in the implementation. +CannotChangeAttribute : Attribute 'System.Runtime.Versioning.UnsupportedOSPlatformAttribute' on 'System.Security.Cryptography.AesGcm' changed from '[UnsupportedOSPlatformAttribute("browser")]' in the contract to '[UnsupportedOSPlatformAttribute("browser")]' in the implementation. +CannotChangeAttribute : Attribute 'System.Runtime.Versioning.UnsupportedOSPlatformAttribute' on 'System.Security.Cryptography.AesCcm' changed from '[UnsupportedOSPlatformAttribute("browser")]' in the contract to '[UnsupportedOSPlatformAttribute("browser")]' in the implementation. +CannotChangeAttribute : Attribute 'System.Runtime.Versioning.UnsupportedOSPlatformAttribute' on 'System.Security.Cryptography.AesGcm' changed from '[UnsupportedOSPlatformAttribute("browser")]' in the contract to '[UnsupportedOSPlatformAttribute("browser")]' in the implementation. +Total Issues: 162 From fdc95f27c6ee3aa19d894a9e37df794053b33ea3 Mon Sep 17 00:00:00 2001 From: Filip Navara Date: Thu, 20 May 2021 11:45:13 +0200 Subject: [PATCH 15/16] Fix test build --- .../System.Security.Cryptography.Xml/tests/SignedXmlTest.cs | 1 + 1 file changed, 1 insertion(+) diff --git a/src/libraries/System.Security.Cryptography.Xml/tests/SignedXmlTest.cs b/src/libraries/System.Security.Cryptography.Xml/tests/SignedXmlTest.cs index e616b96296526..0a17b7850f47f 100644 --- a/src/libraries/System.Security.Cryptography.Xml/tests/SignedXmlTest.cs +++ b/src/libraries/System.Security.Cryptography.Xml/tests/SignedXmlTest.cs @@ -15,6 +15,7 @@ using System.Text; using System.Xml; using System.Xml.XPath; +using Test.Cryptography; using Xunit; namespace System.Security.Cryptography.Xml.Tests From c663d2a01b9735b22896f5aa15beda9c811b5f54 Mon Sep 17 00:00:00 2001 From: Filip Navara Date: Thu, 20 May 2021 13:59:22 +0200 Subject: [PATCH 16/16] Fix tests on Mac Catalyst --- .../System.Security.Cryptography.Xml/tests/KeyInfoTest.cs | 7 ++++--- .../tests/SignedXmlTest.cs | 4 ++-- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/src/libraries/System.Security.Cryptography.Xml/tests/KeyInfoTest.cs b/src/libraries/System.Security.Cryptography.Xml/tests/KeyInfoTest.cs index 9812572ae6abd..61534f61c2ba0 100644 --- a/src/libraries/System.Security.Cryptography.Xml/tests/KeyInfoTest.cs +++ b/src/libraries/System.Security.Cryptography.Xml/tests/KeyInfoTest.cs @@ -13,6 +13,7 @@ using System.Linq; using System.Security.Cryptography.X509Certificates; using System.Xml; +using Test.Cryptography; using Xunit; namespace System.Security.Cryptography.Xml.Tests @@ -69,7 +70,7 @@ public void KeyInfoNode() private static string xmlDSA = "

" + dsaP + "

" + dsaQ + "" + dsaG + "" + dsaY + "
"; [Fact] - [SkipOnPlatform(TestPlatforms.iOS | TestPlatforms.tvOS, "Not supported on iOS or tvOS.")] + [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] public void DSAKeyValue() { using (DSA key = DSA.Create()) @@ -148,7 +149,7 @@ public void X509Data() } [Fact] - [SkipOnPlatform(TestPlatforms.iOS | TestPlatforms.tvOS, "Not supported on iOS or tvOS.")] + [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] public void Complex() { KeyInfoName name = new KeyInfoName(); @@ -199,7 +200,7 @@ public void Complex() } [Fact] - [SkipOnPlatform(TestPlatforms.iOS | TestPlatforms.tvOS, "Not supported on iOS or tvOS.")] + [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] public void ImportKeyNode() { string keyName = "Mono::"; diff --git a/src/libraries/System.Security.Cryptography.Xml/tests/SignedXmlTest.cs b/src/libraries/System.Security.Cryptography.Xml/tests/SignedXmlTest.cs index 0a17b7850f47f..c6ad9ba72e8e6 100644 --- a/src/libraries/System.Security.Cryptography.Xml/tests/SignedXmlTest.cs +++ b/src/libraries/System.Security.Cryptography.Xml/tests/SignedXmlTest.cs @@ -289,7 +289,7 @@ public void AsymmetricRSAMixedCaseAttributesVerifyWindows() [Fact] [ActiveIssue("https://github.com/dotnet/runtime/issues/20575", TestPlatforms.OSX)] - [SkipOnPlatform(TestPlatforms.iOS | TestPlatforms.tvOS, "Not supported on iOS or tvOS.")] + [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] public void AsymmetricDSASignature() { SignedXml signedXml = MSDNSample(); @@ -389,7 +389,7 @@ public void AsymmetricRSAVerify() // Using empty constructor // The two other constructors don't seems to apply in verifying signatures [Fact] - [SkipOnPlatform(TestPlatforms.iOS | TestPlatforms.tvOS, "Not supported on iOS or tvOS.")] + [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] public void AsymmetricDSAVerify() { string value = "/Vvq6sXEVbtZC8GwNtLQnGOy/VI=BYz/qRGjGsN1yMFPxWa3awUZm1y4I/IxOQroMxkOteRGgk1HIwhRYw==

iglVaZ+LsSL8Y0aDXmFMBwva3xHqIypr3l/LtqBH9ziV2Sh1M4JVasAiKqytWIWt/s/Uk8Ckf2tO2Ww1vsNi1NL+Kg9T7FE52sn380/rF0miwGkZeidzm74OWhykb3J+wCTXaIwOzAWI1yN7FoeoN7wzF12jjlSXAXeqPMlViqk=

u4sowiJMHilNRojtdmIuQY2YnB8=SdnN7d+wn1n+HH4Hr8MIryIRYgcXdbZ5TH7jAnuWc1koqRc1AZfcYAZ6RDf+orx6Lzn055FTFiN+1NHQfGUtXJCWW0zz0FVV1NJux7WRj8vGTldjJ5ef0oCenkpwDjcIxWsZgVobve4GPoyN1sAc1scnkJB59oupibklmF4y72A=XejzS8Z51yfl0zbYnxSYYbHqreSLjNCoGPB/KjM1TOyV5sMjz0StKtGrFWryTWc7EgvFY7kUth4e04VKf9HbK8z/FifHTXj8+Tszbjzw8GfInnBwLN+vJgbpnjtypmiI5Bm2nLiRbfkdAHP+OrKtr/EauM9GQfYuaxm3/Vj8B84=vGwGg9wqwwWP9xsoPoXu6kHArJtadiNKe9azBiUx5Ob883gd5wlKfEcGuKkBmBySGbgwxyOsIBovd9Kk48hF01ymfQzAAuHR0EdJECSsTsTTKVTLQNBU32O+PRbLYpv4E8kt6rNL83JLJCBYsqzn8J6fd2gtEyq6YOqiUSHgPE8=sQ==
This is some text
";